Bios based malware

A Chinese AV company, 360, discovered a new Trojan, the “BMW Virus” (also called Mebromi), that can actually infect a computer's BIOS: “BMW 360 Security Center virus is the latest catch of a high-risk virus, the virus that infected a chain BIOS (motherboard chip program), MBR (master boot drive) and Windows system files, reinstall the system, regardless of the victim computer, format the hard disk, or replace the hard disk can not completely remove the virus.”

I have sort of been following this kind of thing ever since the Magistr virus of years ago. That one just tried to trash the BIOS by flashing it with garbage, but that got me thinking about the potential for a more structured and targeted attack on the BIOS and other firmware.

This new one has got me thinking...........over the past 10 years or so I have mostly used Gigabyte MoBos, mainly because they have a pretty good price/performance ratio over here. They have a feature called "DualBios" which is actually two independent BIOS chips on the MoBo. If the BIOS gets screwed up for whatever reason you just restore it from the backup which is not flashable AFAIK.

OK, you may then have to reflash with the latest version, but at least it gets you up and running.

I guess the "solution" is to prepare a bootable BIOS flash medium just in case, particularly if you only have one computer.

I haven't had time to give it much thought yet but at this point I guess I would go:

I am not sure that I would expect AV providers to supply a BIOS cleaner at this stage..........I think that correct detection is more important.

What I didn't pick up is what versions of the Award BIOS are vulnerable. This could be a problem with older kit where the BIOS is not flashable with a current version. I guess it is up to OEMs to ensure that they provide legacy support, and for users to be prepared?

I am also wondering just how specific a BIOS has to be..........this particular machine has an ECS K7S5A MoBo and I flashed it with a third party BIOS so that it would support Silverlight.

For the more complacent amongst you:

Just because you have AMI or a Mac doesn't mean you are invulnerable.

@Cider:

Do any of you AV guys incorporate, or have a tool that scans BIOS and firmware?

Yeah! Yeah! ................ I am typing this on a 3/4 built machine for "Windows 2cubed"........................ The Windows Developer Preview version I downloaded this morning doesn't say more than that I have emboldened.

However, this is IE 10 (Developer Preview) that I am using! I am very much into cutting edge testing as it happens.

I would gladly contribute to the effort if I could. I do have a number of machines coming up for a virtual total refit, so I am not likely to risk much, if anything.